Hardware Backdooring is Practical

Explore the practical implications of hardware backdooring in this Black Hat USA 2012 conference talk. Delve into the world of Rakshasa, a generic proof-of-concept malware for Intel architecture capable of infecting over a hundred different motherboards. Learn how this malware permanently disables NX and removes SMM-related fixes from the BIOS, resulting in long-term security vulnerabilities. Discover how preexisting work on MBR subversions, such as bootkiting and preboot authentication software bruteforce, can be easily integrated into Rakshasa. Examine the use of free software, including the Coreboot project, in building this malware. Gain insights into Coreboot and hardware components like BIOS, CMOS, and PIC embedded on motherboards. Understand the inner workings of Rakshasa and witness its capabilities through demonstrations. Consider the implications for the integrity of non-open source firmwares shipped with computers and reflect on the need to update best practices for forensics and post-intrusion analysis to include these firmwares. Cover topics such as generic exploits, removing NX bit, CPU updates, SMM, bootkits, portability, mitigations, and various backdoor techniques including network card and PCI backdoors.